[Openswan Users] Error in OPENSWAN with XL2TP

heta shah heta45 at gmail.com
Thu Jun 9 08:30:24 EDT 2011


Hello Sir,

Please help me with Openswan on Ubuntu.

I have upgraded Openswan to version U2.6.30. But when I try to run
ipsec verify, it shows:

root@heta-VirtualBox:/usr/local# sbin/ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.30/K2.6.35-22-generic (netkey)
Checking for IPsec support in kernel                            [OK]
SAref kernel support                                            [N/A]
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Checking that pluto is running                                  [OK]
Pluto listening for IKE on udp 500                              [OK]
Pluto listening for NAT-T on udp 4500                           [OK]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
root@heta-VirtualBox:/usr/local#


That means IPsec is not supported by the kernel, so how do I compile the
kernel for IPsec? Please help me.


On Thu, Jun 2, 2011 at 1:40 PM, heta shah <heta45 at gmail.com> wrote:

> Hello Sir,
>
> Please help me regarding IPsec with L2TP. I have configured OPENSWAN with
> L2TP. When I try to connect to the server from a NATed site, it shows this
> error on the server side.
> My server is Ubuntu 9.10 server edition with kernel 2.6.28-11-server.
>
> Jun  2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91
> #14: peer client type is FQDN
> Jun  2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91
> #14: Applying workaround for MS-818043 NAT-T bug
> Jun  2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91
> #14: IDci was FQDN: t\307\251-, using NAT_OA=192.168.1.35/32 as IDci
> Jun  2 13:30:48 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91
> #14: the peer proposed: 116.199.169.45/32:17/1701 -> 192.168.1.35/32:17/0
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91
> #15: responding to Quick Mode proposal {msgid:314343e9}
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91
> #15:     us: 116.199.169.45<116.199.169.45>[+S=C]:17/1701
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91
> #15:   them: 117.196.10.91[@2k3test.enjay.com,+S=C]:17/1701===?
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91
> #15: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91
> #15: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91
> #15: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> Jun  2 13:30:49 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[12] 117.196.10.91
> #15: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x8b28bcad
> <0xa93368e1 xfrm=3DES_0-HMAC_MD5 NATOA=192.168.1.35 NATD=
> 117.196.10.91:4500 DPD=none}
> Jun  2 13:34:36 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16] 117.196.10.91
> #18: received Delete SA(0x8b9e0884) payload: deleting IPSEC State #19
> Jun  2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16] 117.196.10.91
> #18: received and ignored informational message
> Jun  2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16] 117.196.10.91
> #18: received Delete SA payload: deleting ISAKMP State #18
> Jun  2 13:34:37 cloud-enjay pluto[2638]: "L2TP-PSK-NAT"[16] 117.196.10.91:
> deleting connection "L2TP-PSK-NAT" instance with peer 117.196.10.91
> {isakmp=#0/ipsec=#0}
> Jun  2 13:34:37 cloud-enjay pluto[2638]: packet from 117.196.10.91:4500:
> received and ignored informational message
>
>
> When I start the XL2TP service, it gives this error.
>
> Jun  2 13:37:01 cloud-enjay xl2tpd[24455]: setsockopt recvref[22]: Protocol
> not available
> Jun  2 13:37:01 cloud-enjay xl2tpd[24455]: This binary does not support
> kernel L2TP.
> Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: xl2tpd version xl2tpd-1.2.4
> started on cloud-enjay PID:24456
> Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Written by Mark Spencer,
> Copyright (C) 1998, Adtran, Inc.
> Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Forked by Scott Balmos and David
> Stipp, (C) 2001
> Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Inherited by Jeff McAdams, (C)
> 2002
> Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Forked again by Xelerance (
> www.xelerance.com) (C) 2006
> Jun  2 13:37:01 cloud-enjay xl2tpd[24456]: Listening on IP address 0.0.0.0,
> port 1701
>
> Please help me if anyone knows about it.
> --
> Thanks and Regards.
>
> Heta Shah
> 91-9662505876
>
>
>
>


-- 
Thanks and Regards.

Heta Shah
91-9662505876